kwlug-disc-bounces at kwlug.org wrote on 07/31/2009 03:20:54 PM:
> John, sounds like you have effected what I have merely ruminated
> about, repeatedly over the years, but never effected. [Part of my
> ruminations has been over what all to put into a 'home server' -
> discussions of which have all but turned into flame wars at linuxmce.]
We do servers like these all the time for business customers so all the
hard work figuring out how has been paid back by paying customers. We've
also been doing it for years and grew from simple file share systems with
shared internet access to full-blown everything-small-business-wants
servers. We used to call them "Open for Business" servers. That was before
HP stole or re-created the term.
I really haven't gotten into home automation so it's just home networking,
voip, and media.
> Care to list a 'high-level' overview of the process you went through?
> e.g.
> - started with CentOS, I presume. (TrixBox? MythTV?)
I've used Fedora in the past but this last incarnation was Mythdora, just
to ease the issue of installing and configuring Myth. I took the easy way
out on that one. I purchased a Hauppauge HD-PVR and using it requires an
SVN release of Myth. Rather than compile it, I think I'll move the server
to Fedora 11 and install the SVN.
I also have an AppleTV front-end for Myth. It's working, except for the
remote, so I have to VNC from my notebook to select recordings. I'll have
a Mac around the office soon so I can try working with Myth to get remotes
working.
> - added dns
Used ISC BIND. To serve my home network I used home.vanostrand.com as the
domain.
> - added dhcp
ISC DHCP.
> - added iptables (Guarddog?)
Years ago I created a script to make rules easier to keep track of for
customers. It's a set of shell functions that allows one to make a bash
script that looks like this:
    Interface $INTERNET
    Source Any
    Destination $SERVER1
    Expose 192.168.1.16 tcp 80 443

All the keywords (Internet, Source, Destination, Expose) are just shell
functions that either set variables or run iptables commands, i.e.:

    Interface() {
        INTERFACE="$1"
        SOURCE=""
        DESTINATION=""
    }
    Source() {
        SOURCE="$1"
    }
    Destination() {
        DESTINATION="$1"
    }
    Expose() {
        iptables -A FORWARDING ...
        iptables -A PREROUTING -t nat ....
    }
> - added big disk
Pretty straightforward: used LVM and configured it during installation.
> - mirrored
Nope, but it's easiest to set up during installation. There are more
complex methods to change to it. It probably only seems safe for people
who understand the boot process, initrd and are comfortable with LVM
initialization.
> - added vpn
Moved from an ages old ppp-over-ssh to OpenVPN but others would have to
see their network admins for specifics. From outside I used ssh tunnels to
access home resources.
> - added VoIP
This is specific to my situation. My home phone is an extension of the
office. I moved my home number to Unlimitel and use it as a DID to direct
calls home without the Net Direct IVR playing. Some callers are surprised
to hear on-hold music when I answer call-waiting.
I use a Sipura (now Linksys) ATA and it connects directly to the office
PBX.
When I moved into the new house the telco demarc was in the garage so it
wasn't easy to split my internal phone wiring off the POTS service so that
I could use all the jacks in the house for phones. I needed to keep it
connected for the DSL connection. I could have run the DSL on the outside
pair of wires and disconnected the internal pair. But I wanted to try my
cordless phones' shared-base-station method. It worked alright.
In the spring I pulled cat 5 to the garage and put in a patch panel in the
basement so that I could run DSL to the panel and modem and split the home
phone wiring.
It was this task that reminded me what I gave up when I went voip. With
Bell/Telus/??? I would have just moved in and it would have worked.
> - added rsync (via Samba?)
I used RSYNC through SSH. I had Samba configured on the last system, but
there wasn't much need. I do use NFS to share some files. I work pretty
fast and loose at home since the wife and kids only rely on Internet
access.
Identity keys are needed to do this automatically.
> - added Mediatomb
That was harder than it should have been, but in the end it turned out to
be easy. It's my Kodak wireless picture frame that can't be configured to
start streaming pictures from Mediatomb on power-on.
> - added apache
Basic for us, we do that all the time. I dropped Drupal on it so my son
could play webmaster.
> - might have added e-mail (Courier?)
If I put email on it, it would be cyrus-imap/sendmail with a web front-end as
well so I can check while away.
> - therefore might have added spam filter (SpamAssassin?)
I'm used to scanning mail for lots of domains so I don't know what I'd do
if it were for a few email addresses. I might choose a less resource
intensive program like spamassassin. There are lots of niche ways to
combat spam including special configuration of sendmail or greylisting.
Other additions are:
- Wireless access point, Linksys WRT54GL with OpenWRT flashed on it.
- Since moving into the new house (with finished basement) the kids needed
Internet access quickly so I thought I'd try D-Link's DHP-300
Ethernet-over-power option.
John Van Ostrand
Net Direct Inc.
CTO, co-CEO
564 Weber St. N. Unit 12
Waterloo, ON N2L 5C6
john at netdirect.ca
Ph: 866-883-1172
ext.5102
Linux Solutions / IBM Hardware
Fx: 519-883-8533
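
Added example, not part of John's message or Net Direct's script: a dry-run sketch of the keyword-function wrapper described under "added iptables", with the input checks a rule generator needs before it touches a live firewall. The rule bodies the post elides are assumptions here (a DNAT rule in nat PREROUTING plus an ACCEPT in the built-in FORWARD chain), as are the IPTABLES override, the match and valid_port helpers, and the sample addresses.

```shell
#!/bin/sh
# Added example: dry-run sketch of the keyword-function firewall wrapper.
# The rule bodies are assumptions; the original post elides them.
IPTABLES="${IPTABLES:-echo iptables}"  # prints by default; IPTABLES=iptables applies

Interface()   { INTERFACE="$1"; SOURCE=""; DESTINATION=""; }  # new block resets state
Source()      { SOURCE="$1"; }
Destination() { DESTINATION="$1"; }

# match <flag> <value>: "Any" or empty means no restriction on that field.
match() {
    case "$2" in ""|Any) ;; *) printf '%s %s' "$1" "$2" ;; esac
}

valid_port() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Expose <internal-ip> <tcp|udp> <port>...
Expose() {
    [ -n "$INTERFACE" ] || { echo "Expose: no Interface set" >&2; return 1; }
    [ $# -ge 3 ] || { echo "Expose: need host, protocol, port(s)" >&2; return 1; }
    host="$1"; proto="$2"; shift 2
    case "$host" in *[!0-9.]*) echo "Expose: bad host '$host'" >&2; return 1 ;; esac
    case "$proto" in tcp|udp) ;; *) echo "Expose: bad protocol '$proto'" >&2; return 1 ;; esac
    # Validate every port first so a typo cannot leave a half-applied rule set.
    for port in "$@"; do
        valid_port "$port" || { echo "Expose: bad port '$port'" >&2; return 1; }
    done
    src=$(match -s "$SOURCE"); dst=$(match -d "$DESTINATION")
    for port in "$@"; do
        # $IPTABLES, $src and $dst are unquoted on purpose: they hold whole words.
        $IPTABLES -t nat -A PREROUTING -i "$INTERFACE" $src $dst -p "$proto" \
            --dport "$port" -j DNAT --to-destination "$host:$port"
        $IPTABLES -A FORWARD -i "$INTERFACE" $src -d "$host" -p "$proto" \
            --dport "$port" -j ACCEPT
    done
}

# Policy file in the style of the post; addresses are constructed samples.
INTERNET=eth0
SERVER1=203.0.113.10
Interface $INTERNET
Source Any
Destination $SERVER1
Expose 192.168.1.16 tcp 80 443
```

Run as-is it only prints the four generated rules, so the output can be reviewed or diffed before IPTABLES is pointed at the real binary.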